<?php

// Direct-access guard: this file only runs when the including script has
// already defined NV_SYSTEM; a request made straight to this file stops here.
if (!defined('NV_SYSTEM')) {
    die("You can't access this file directly...");
}

require_once("mainfile.php");

// The module name is derived from the directory this file sits in, not from
// anything in the request.
$module_name = basename(dirname(__FILE__));
get_lang($module_name);

// Optional per-module configuration. The path is built from $datafold and the
// directory name only.
// NOTE(review): assumes $datafold is always set by mainfile.php - confirm it
// cannot be supplied by the request, since it decides which file is included.
if (file_exists($datafold . "/config_" . $module_name . ".php")) {
    @require_once($datafold . "/config_" . $module_name . ".php");
}

if (defined('_MODTITLE')) {
    $module_title = _MODTITLE;
}
############################################

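    /**
     * Print the pop-up comment form for a single story.
     *
     * Looks the story up by id, prints its title, and then either a notice
     * that commenting is unavailable or the comment form itself. The script
     * exits silently when the id does not match exactly one story row.
     *
     * @param mixed $sid Story id; cast to an integer before any use.
     */
    function main($sid) {
        global $mbrow, $articlecomm, $sitename, $prefix, $db, $module_name;

        // Cast first: from here on $sid is an integer, so it is safe to embed
        // in the query below and in the hidden form field.
        $sid = intval($sid);

        // The original tested a local $REQUEST_URI that is never defined in
        // this function, so the guard could not fire. Read the server value.
        $request_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
        if (stristr($request_uri, "mainfile")) { exit; }

        $result = $db->sql_query("SELECT title, acomm FROM ".$prefix."_stories WHERE sid='$sid'");
        if ($db->sql_numrows($result) != 1) { exit; }
        $row = $db->sql_fetchrow($result);
        $title = stripslashes(check_html($row['title'], "nohtml"));
        $acomm = intval($row['acomm']);

        // Escape at the point of output instead of relying on check_html()
        // alone: the title lands in element content and, as the subject, in
        // a quoted attribute. double_encode=false leaves entities that are
        // already present in the stored title as they are.
        $title_html = htmlspecialchars($title, ENT_QUOTES, _CHARSET, false);
        $subject_attr = htmlspecialchars("Re: $title", ENT_QUOTES, _CHARSET, false);

        echo "<html>\n<head>\n"
            . "<meta http-equiv=\"Content-Type\" content=\"text/html; charset="._CHARSET."\">\n"
            . "<title>"._COMMENTSQ."</title>\n</head>\n<body bgcolor=\"#ECF3FB\">\n<h3>$title_html</h3>\n"
            . "<hr size=\"1\" color=\"#DC0312\"><center>$sitename - "._COMMENTSQ."<hr size=\"1\" color=\"#DC0312\">\n";

        if ((!defined('IS_ADMMOD')) AND (($articlecomm == 0) OR ($acomm == 1))) {
            // Commenting is off module-wide ($articlecomm == 0) or for this
            // story (acomm == 1); only IS_ADMMOD sessions get past this.
            echo "<center><b>"._NOCOMMENTSACT."</b></center>";
        }
        else if ((!defined('IS_ADMMOD')) AND (!defined('IS_USER')) AND ($articlecomm == 2)) {
            // $articlecomm == 2: visitors without IS_USER may not comment.
            echo "<center><b>"._NOANONCOMMENTS."</b></center>";
        }
        else {
            // NOTE(review): the form carries no anti-CSRF token and
            // savecomments() in this file does not check one.
            echo "<form action=\"modules.php?name=$module_name&amp;file=comm\" method=\"post\">";
            if (!defined('IS_USER')) {
                echo ""._YOURNAME.": <input type=\"text\" name=\"postname\" size=\"15\" maxlength=\"25\"> ";
                echo ""._FYOUREMAIL.": <input type=\"text\" name=\"postemail\" size=\"15\" maxlength=\"25\"><br><br>";
                echo "<input type=\"hidden\" name=\"posturl\" value=\"\">";
            } else {
                // Profile values are user-editable data, so they are escaped
                // before being placed inside quoted attributes.
                // NOTE(review): hidden fields can be edited by the client
                // before submit, so the saved author name/e-mail/URL are not
                // bound to the logged-in account unless the handler re-reads
                // them from the session on the server.
                $postname_attr = htmlspecialchars($mbrow['username'], ENT_QUOTES, _CHARSET, false);
                $postemail_attr = htmlspecialchars($mbrow['user_email'], ENT_QUOTES, _CHARSET, false);
                $posturl_attr = htmlspecialchars($mbrow['user_website'], ENT_QUOTES, _CHARSET, false);
                echo "<input type=\"hidden\" name=\"postname\" value=\"$postname_attr\">\n"
                    ."<input type=\"hidden\" name=\"postemail\" value=\"$postemail_attr\">\n"
                    ."<input type=\"hidden\" name=\"posturl\" value=\"$posturl_attr\">\n";
            }
            echo ""._UCOMMENT.":<br><textarea wrap=\"virtual\" cols=\"45\" rows=\"10\" name=\"comment\"></textarea><br><br>"
                ."<input type=\"hidden\" name=\"subject\" value=\"$subject_attr\">"
                ."<input type=\"hidden\" name=\"sid\" value=\"$sid\">\n"
                ."<input type=\"hidden\" name=\"op\" value=\"savecomments\">\n"
                ."<input type=\"submit\" value=\""._COMMENTREPLY."\"> \n<input type=\"reset\" value=\""._RESET."\"></form>\n";
        }

        echo "<hr size=\"1\" color=\"#DC0312\"><button onclick=\"window.close();\">"._CLOSEWIN."</button></center><hr size=\"1\" color=\"#DC0312\">\n"
            . "</body>\n</html>";
    }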

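    /**
     * Validate a submitted comment and store it against a story.
     *
     * Applies the same permission rules as the form, validates the fields,
     * prints an error page and exits on the first problem found (the last
     * failing check decides the message), otherwise inserts the comment,
     * bumps the story's comment counter and prints a thank-you page.
     *
     * @param mixed $sid       Story id; cast to an integer before any use.
     * @param mixed $postname  Author name, at most 25 bytes.
     * @param mixed $postemail Author e-mail address.
     * @param mixed $posturl   Author website, may be empty.
     * @param mixed $subject   Comment subject, must not be empty.
     * @param mixed $comment   Comment text, must not be empty.
     */
    function savecomments($sid, $postname, $postemail, $posturl, $subject, $comment) {
        global $client_ip, $articlecomm, $prefix, $db, $sitename;

        // Same gate as the form: without IS_ADMMOD, nothing is accepted when
        // commenting is off ($articlecomm == 0) or when it is restricted to
        // users ($articlecomm == 2) and IS_USER is not defined.
        $is_staff = defined('IS_ADMMOD');
        if (!$is_staff && ($articlecomm == 0 || (!defined('IS_USER') && $articlecomm == 2))) { exit; }

        $sid = intval($sid);

        // The original tested a local $REQUEST_URI that is never defined in
        // this function, so the guard could not fire. Read the server value.
        $request_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
        if (stristr($request_uri, "mainfile")) { exit; }

        $result = $db->sql_query("SELECT title, acomm FROM ".$prefix."_stories WHERE sid='$sid'");
        if ($db->sql_numrows($result) != 1) { exit; }
        $row = $db->sql_fetchrow($result);
        if (!$is_staff && $row['acomm'] == 1) { exit; }

        // The result pages print the story title; the original never set it
        // in this function, so the heading was always empty.
        $title = htmlspecialchars(stripslashes(check_html($row['title'], "nohtml")), ENT_QUOTES, _CHARSET, false);

        // A request can deliver an array where a string is expected; treat
        // anything that is not a string as missing so validation rejects it.
        if (!is_string($postname))  { $postname = ""; }
        if (!is_string($postemail)) { $postemail = ""; }
        if (!is_string($posturl))   { $posturl = ""; }
        if (!is_string($subject))   { $subject = ""; }
        if (!is_string($comment))   { $comment = ""; }

        // Longest run of non-whitespace in the comment. The original loop
        // overwrote its result on every pass, so only the last word was ever
        // measured. strlen() counts bytes, not characters.
        $max_word = 40;
        $longest = 0;
        foreach (preg_split('/\s+/', $comment) as $word) {
            if (strlen($word) > $longest) { $longest = strlen($word); }
        }

        // Checks run in a fixed order and later failures overwrite earlier
        // ones, exactly as before.
        $errcode = 0;
        $eror = "";

        if ($subject == "") {
            $errcode = 1;
            $eror = ""._ACEROR1."";
        }

        if ($comment == "") {
            $errcode = 2;
            $eror = ""._ACEROR2."";
        }

        if ($longest > $max_word) {
            $errcode = 3;
            $eror = ""._ACEROR3."";
        }

        if (($postname == "") || (!$postname) || (strlen($postname) > 25)) {
            $errcode = 4;
            $eror = ""._ACEROR4."";
        }

        // eregi() no longer exists in current PHP; preg_match() with /i is the
        // equivalent, and /D keeps "$" from matching before a trailing newline.
        if ((!$postemail) || ($postemail == "") || (!preg_match('/^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,6}$/iD', $postemail))) {
            $errcode = 5;
            $eror = ""._ACEROR6."";
        }

        if ($errcode != 0) {
            echo "<html>\n<head>\n"
                . "<meta http-equiv=\"Content-Type\" content=\"text/html; charset="._CHARSET."\">\n"
                . "<title>"._COMMENTSQ."</title>\n</head>\n<body bgcolor=\"#ECF3FB\">\n<h3>$title</h3>\n"
                . "<hr size=\"1\" color=\"#DC0312\"><center>$sitename - "._COMMENTSQ."<hr size=\"1\" color=\"#DC0312\">\n";
            echo "<br><br><br><br><center><b>";
            echo "$eror<br><br>"._GOBACK."";
            echo "</b></center><br><br><br>";
            echo "<hr size=\"1\" color=\"#DC0312\"><button onclick=\"window.close();\">"._CLOSEWIN."</button></center><hr size=\"1\" color=\"#DC0312\">\n"
                . "</body>\n</html>";
            exit;
        }

        // Every request-supplied value goes through the same filter/quote
        // helpers before it is placed in the SQL string. The original skipped
        // $postname, which reached the INSERT exactly as submitted.
        // NOTE(review): FixQuotes() and filter_text() are defined outside this
        // file; confirm their quoting is sufficient for the database driver,
        // or move these two statements to bound parameters if the DB layer
        // offers them.
        // NOTE(review): name, e-mail and URL are taken from the submitted form
        // even for logged-in users, so they are not tied to the account.
        // NOTE(review): $posturl is not checked for an http/https scheme;
        // verify how the page that lists comments renders it.
        $postname = FixQuotes(filter_text($postname, "nohtml"));
        $postemail = FixQuotes(filter_text($postemail, "nohtml"));
        $posturl = FixQuotes(filter_text($posturl, "nohtml"));
        $subject = FixQuotes(filter_text($subject, "nohtml"));
        $comment = nl2br(FixQuotes(filter_text($comment, "nohtml")));

        // NOTE(review): $client_ip is set elsewhere; if it can be derived from
        // a forwarded-for style header it is client-controlled, so it is
        // quoted like the other values.
        $ip = FixQuotes($client_ip);

        $db->sql_query("INSERT INTO ".$prefix."_stories_comments VALUES (NULL, '$sid', now(), '$postname', '$postemail', '$posturl', '$ip', '$subject', '$comment')");
        $db->sql_query("UPDATE ".$prefix."_stories SET comments=comments+1 WHERE sid='$sid'");

        echo "<html>\n<head>\n"
            . "<meta http-equiv=\"Content-Type\" content=\"text/html; charset="._CHARSET."\">\n"
            . "<title>"._COMMENTSQ."</title>\n</head>\n<body bgcolor=\"#ECF3FB\">\n<h3>$title</h3>\n"
            . "<hr size=\"1\" color=\"#DC0312\"><center>$sitename - "._COMMENTSQ."<hr size=\"1\" color=\"#DC0312\">\n";
        echo "<br><br><center>"._THANKS."</center><br><br>\n";
        echo "<hr size=\"1\" color=\"#DC0312\"><button onclick=\"window.close();\">"._CLOSEWIN."</button></center><hr size=\"1\" color=\"#DC0312\">\n"
            . "</body>\n</html>";
    }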

// Dispatch on the requested operation. $op and the form fields are read as
// plain globals here.
// NOTE(review): presumably the bootstrap copies request parameters into these
// globals - confirm where they are populated, and whether "savecomments" can
// be reached by a GET request as well as by the POST form.
if ($op == "savecomments") {
    savecomments($sid, $postname, $postemail, $posturl, $subject, $comment);
} else {
    // Any other value, including none, shows the comment form.
    main($sid);
}

?>